I basically want to save the facebook ID of a given user so I can receive more material via Facebook. Ideally I want a solution that neither uses javascript nor cookie, just serverside but there was no example, just directions, so I've put together one we can discuss. Here's the code that I think works when I just link a user to the OAuth dialog for my website:

So with this I can "log in with Facebook" for my website without a lot of messy javascript and cookies we don't want. I wanted to enable "log in with Facebook" for my website. It should work without cookies and without javascript but the first thing they try to make you do is Javascript and cookies. So I've made a solution that seems to work without cookie and without javascript, just OAuth 2.0: Can you say something about my "solution"? The practical use I'm looking for is enabling simple function which FB user did what on my website and admitting facebook accounts to log in the way that is getting standardized.

I just thought it must work without javascript SDK and without cookie and it seems it is the case. Can you tell what are my advantages and disdvantages with this "solution"? I think it's much better than Javascript + Cookie so why do they trick us to use javascript and cookie when the minimal example seems to be 100 % serverside?

Thank you

Update
It seems right and behaves right and I can also use the userdata with the datatore and render my FB name to the front page with no javascript and no cookie, just python:

having the variable fbuser for a facebook user and the variable user for a google user now admits me to use facebook for my website without buggy messy unneccessary javascript + cookie.

Now I could render and view my facebook name from my website which is great that it finally works the way it's supposed to indepedent of javascript and doesn't need a cookie.

Why does the documentation recommend javascript + cookie when serverside OAuth 2.0 is the cleanest solution? Do you agree that this is the best solution since it doesn't depend on if you use javascript or cookie?

Update
Possible duplicate question when I now have seen that other guys couldn't log out with server code, they had to resort to the Javascript SDK and a requirement can be that it must and should work with no javascript so I did some debugging and found that "clearing" the cookie and I had to change the name of the cookie and though it works I would like your comment and/or test how you think my project solved this. A logout link like this one should work but it doesn't. If I log out twice it works and that's why this is a strange bug since I could fix it but I still don't know what makes logout require a 2nd hit:

YOUR_URL must be a URL in your site domain, as defined in the
Developer App.

I wanted to do everything serverside and I found that the suggested way to link leaves the cookie so that the logout link doesn't work:
https://www.facebook.com/logout.php?next=http://{{host}}&access_token={{current_user.access_token}}
It does redirect but it doesn't log the user our of my website. It seemed like a Heisenbug since this was changing to me and there was not much documentation. I anyway seemed to be able to achieve the functionality with a handler that manipulates the cookie so that in effect the user is logged out:

I mocked together two basic providers
And I use the variable current_user for the facebook user and the variable user for the google user and the variable fbuser for a user who is logging in and therefore has no cookie match.

The cookie lookup code I use is the following and I think I understand it and that it does what I want:

I had to learn cookies to solve this and I hope you can comment more. Outputting the welcome message required 3 variables, one for google user, one for logged in facebook user and the variable fbuser for the case mentioned in the answer:

JavaScript/Cookies are used when you're trying to authenticate an new
user. That aren't exists in your database, and you don't have his
accessToken.

So I had to use 3 variables, maybe you can do it with only 2 variables?

Thanks for the link. This example was good since it's what I'm looking for plain OAuth and I understand that cookies are used for session management. I think everything works except my logout and the example provides a logouthandler very convenient since I've seen that other people have tried to do this without javascript and found it complicated
–
Niklas in StockholmNov 23 '11 at 19:42

The logouthandler works for me and that was the final component that was bugging me (logout). The link supplied by facebook does not clear the cookie so users stay logged in
–
Niklas in StockholmNov 24 '11 at 1:18

That's what I use today and it also works with foursquare. I'm considering to try and become an Oauth provider myself so that I can add my site same way that I add another provider. It was disadvantageous to make many different user models but now we can still use webapp2's user model that is an ndb.Expando I suppse one could develop the simpleauth so that we can add a provider without even redeploying a new app ersion, my idea is too keep provider data in the datastore so that you can add a provider from an admin web section.
–
Niklas in StockholmApr 16 '14 at 12:29

Interesting. let us know how that goes.
–
user1980175Apr 17 '14 at 6:05